Home page logo

basics logo Security Basics mailing list archives

Vulnerability Scanning - Prioritising Remediation
From: J Teddy <jteddylists () gmail com>
Date: Tue, 20 Sep 2011 15:37:18 +1000

I'm currently documenting how to prioritise remediation efforts from
my last vulnerability scan.  As my assets have all had information
risk assessments conducted, I can easily calculate my CVSS score using
the CVSS2 calculator.

I then started thinking about compensating controls in my network
where I could possibly lower the priority of the remediation.  For
example the SSH vulnerability priority may be lowered as there is a
signature for prevention on my IPS.

The question I can not answer is if my IPS has prevention for such a
signature, and I’m running a vulnerability scan through that IPS, will
my IPS block those packets, with the end result being my VA scan does
not detect the vulnerability?


Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]